Justin Schuh, Google Chrome’s security lead and Engineering Director, has issued a warning that all Chrome users need to run an update NOW. Google’s Threat Analysis Group has identified a zero-day vulnerability that is being actively exploited: CVE-2019-5786.

Although information on CVE-2019-5786 remains limited, it is suspected to be a use-after-free (UAF) vulnerability in FileReader. The potential exists for an attacker to run arbitrary code while avoiding the browser’s sandbox protection.

Fixing the issue is relatively easy. Select Help/About from the Chrome menu (three stacked dots, upper right). Make sure you are running the current version: 72.0.3626.121 (Official Build). If not, Chrome should automatically fetch the latest version and update it for you. You can also type chrome://settings/help in the address bar if you prefer, which takes you to the same Help/About location.
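For anyone checking more than one machine, the same version check can be scripted. The following is an added example, not part of the original post: it compares collected Chrome version strings against the 72.0.3626.121 build named above. The host names and version strings in the sample inventory are constructed, and the comparison is purely numeric.

```python
import re

# Build the post names as current; anything numerically lower needs updating.
FIXED = (72, 0, 3626, 121)

# Four dot-separated integers that are not part of a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(text, fixed=FIXED):
    """True if below the fixed build, False if not, None if unparseable."""
    version = parse_chrome_version(text)
    if version is None:
        return None
    # Tuples of ints compare component by component, so 9.x sorts below 72.x.
    # Comparing the raw strings would wrongly rank "9.0..." above "72.0...".
    return version < fixed


# Constructed inventory: host name -> version text as collected from that host.
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 72.0.3626.121 ",
    "ws-02": "Google Chrome 72.0.3626.119 ",
    "ws-03": "Version 72.0.3626.96 (Official Build) (64-bit)",
    "ws-04": "Google Chrome 74.0.3729.108 ",
    "ws-05": "Google Chrome 9.0.597.84",
    "ws-06": "chrome: command not found",
}


def triage(inventory, fixed=FIXED):
    """Sort hosts into update / ok / unknown buckets."""
    report = {"update": [], "ok": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        result = needs_update(text, fixed)
        key = "unknown" if result is None else ("update" if result else "ok")
        report[key].append(host)
    return report


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` bucket returned no parseable version and should be checked by hand rather than assumed patched.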
